Arbitrary Command Injection

Overview mcp-maigret is a MCP server for maigret - OSINT username search across social networks Affected versions of this package are vulnerable to Arbitrary Command Injection via the searchusername process in index.ts when handling the Username argument. An attacker can execute arbitrary system...

D-Link DIR-600 命令注入漏洞

The D-Link DIR-600 is a wireless router from China's AUO D-Link. A command injection vulnerability exists in D-Link DIR-600 2.15WWb02 and earlier versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

Asterisk 安全漏洞

Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. Versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2 have security vulnerabilities. These vulnerabilities stem from astcoredump...

TeamViewer DEX Client Command Injection Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

PT-2026-6649

Name of the Vulnerable Software and Affected Versions enclave-vm versions prior to 2.10.1 @enclave-vm/core versions prior to 2.10.1 Description The security measures within enclave-vm are inadequate. The Abstract Syntax Tree AST sanitization can be circumvented using dynamic property accesses. Th...

CVE-2025-13375 IBM Common Cryptographic Architecture Arbitrary Command Execution

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

CVE-2025-13375

IBM Common Cryptographic Architecture (CCA) versions affected: 7.5.52 and 8.4.82. The Red Hat/IBM bulletin and NVD entries indicate an unauthenticated user could execute arbitrary commands with elevated privileges on systems running these CCA releases. Affected platforms include IBM AIX, IBM i, I...

CVE-2026-20980

Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands...

CVE-2025-58383

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...

Zenitel TCIS-3+ 安全漏洞

Zenitel TCIS-3+ is an IP intercom terminal produced by the Norwegian company Zenitel. There is a security vulnerability in Zenitel TCIS-3+, which allows authenticated attackers to execute arbitrary commands on the underlying system using the file names uploaded by them...

Exploit for CVE-2025-65791

CVE-2025-65791 — Command Injection in ZoneMinder Overview...

CVE-2025-58383 Privilege escalation via bind command in Brocade Fabric OS

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...

Broadcom Brocade Fabric OS 安全漏洞

Broadcom Brocade Fabric OS FOS is an embedded operating system used in switches and routers by Broadcom Corporation. Versions of Broadcom Brocade Fabric OS prior to 9.2.1c2 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for administrator-level users to...

Arbitrary Command Injection

cai-framework is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-controlled input directly to shell commands via subprocess.Popen with shell=True, which allows an attacker to inject malicious arguments for example -exec in the findfile tool and execute arbitrar...

EUVD-2025-206613

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...

CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...